
Funky Worm

Ok, so... I sat for about 5 hours at work today, doing nothing. Evidently, our network got hit by one of them there Windows network worms and those of us who were affected by it (the ones using Win2k, as it were) kept getting our workstations rebooted every 5 minutes :evil: . The intranet and the mail server were down also... Talk about a mess for over 1200 employees.

My question is... How would an admin, or a group of them, go about stopping one of these? This thing propagated itself all the way out to (at least) one of our assembly plants in OH. Other than shutting down the network and cleaning out all the workstations, how could you fix the effects of this type of virus? Would you just set some worm-sniffing software on it, or what? Somehow, I know it can't be as simple as that though...

1. How many Windows workstations?
2. How many Windows servers?
3. How many Unix/Linux workstations?
4. How many Unix/Linux servers?
5. How many and what brand of routers, switches, hubs?
6. Do you have recent backups of all systems?
7. Were all computers affected or a select few?
8. Can you provide a graphical layout of the network?

If you can answer some or most of these questions, I'll be able to tell you how to start the cleanup process.

The best way would be to make sure everyone is using Linux. Windows is shit, plain and simple! I suppose the worm must have entered the network via an email attachment, or via a download that a company would not permit. My recommendation is to scan all email entering the company before it arrives at the client, thus eliminating the spread of the worm from within the network.

1. How many Windows workstations?
2. How many Windows servers?
3. How many Unix/Linux workstations?
4. How many Unix/Linux servers?
5. How many and what brand of routers, switches, hubs?
6. Do you have recent backups of all systems?
7. Were all computers affected or a select few?
8. Can you provide a graphical layout of the network?

If you can answer some or most of these questions, I'll be able to tell you how to start the cleanup process.

Well... I'm just a CAD designer who is using this system. My sys admin experience only extends to my Linux boxes at home (and that's just a hobby). I do feel sorry for the poor bastard(s) who have to clean this mess up, or who may have been careless enough to have it happen in the first place.

In short, I can only estimate that there were at least 1200 workstations affected by the worm (all Windows 2k, though there are some XP W/S's but they didn't seem to be affected by today's events). Don't know how many servers, total. No idea of the networking hardware (hubs and routers and such... They just don't tell us users about stuff like that). No idea of a "diagram" for the WAN/LAN layout, but if the assembly plant(s) were involved, then it should give you some idea of the scale of it.

Originally Posted by beezlebubsbum

The best way would be to make sure everyone is using Linux. Windows is shit, plain and simple! I suppose the worm must have entered the network via an email attachment, or via a download that a company would not permit. My recommendation is to scan all email entering the company before it arrives at the client, thus eliminating the spread of the worm from within the network.

I agree, beez... I have no power/say-so whatsoever as to how things are set up in this place. I do know that they do system maintenance during the day, when we're trying to get work done :roll: . If that ain't asinine, I don't know what is. This was a bomb that's been ticking for a while, I think. I'd be very surprised if the system is fully up and at 'em tomorrow though.

Right now at your work, snct, you have about 40 techs hiding under the table and whimpering. I do also feel sorry for them. All I have to say is they should have been using Linux/Unix/Mac and dumped Windows. I have seen entire corps go out of business due to the effects of a widespread virus or worm infection.